Home    Product home page    Download    Order
Contents
Introduction
PSSDK basics
BPF programming
HNPSManager
HNAdapter
HNFileAdapter
HNAdapterConfig
HNUserFilter
Properties
Methods
BpfAddCmd
BpfAddJmp
BpfCheckFilter
BpfCheckPacket
BpfClear
BpfCompileBPFAsmFromFile
BpfCompileBPFAsmFromStr
BpfCompileBPFDefinesFromFile
BpfCompileBPFDefinesFromStr
BpfCompileToFastBPF
BpfCreate
BpfDecompileBPFAsmToFile
BpfDecompileBPFAsmToStr
BpfDestroy
BpfLoadFromFile
BpfLoadFromMemory
BpfSaveToFile
BpfSaveToMemory
Events
Wrappers
HNPacket
HNQueue
HNTcpManager
HNTcpSession
HNLBAdapter
HNLBSession
HNLBHosts
Structures
Constants enumerations
Events
RFC
WinPCap to PSSDK migration module
Error codes
FAQ
Packet Sniffer SDK DLL Edition

HNUserFilter :: Methods :: BpfCompileBPFAsmFromStr

 Previous Next

Compiles the BPF filtering program written in BPF assembler from a string.

Syntax:

DWORD __stdcall BpfCompileBPFAsmFromStr(HANDLE hFtr, LPCSTR Str);

Parameters:

hFtr

[in] HNUserFilter object handle.

Str

[in] An ASCIIZ string containing BPF assembler program.

Return values:

HNERR_OKNo errors.
HNERR_ERRORErrors occured during the compilation. To track errors use OnBPFAsmError handler.

Description:

This function compiles the program written in BPF assembler to BPF filter. The definitions of the constants previously loaded by BpfCompileBPFDefinesFromFile and BpfCompileBPFDefinesFromStr functions may be used in the program.

Below there is an example of a program in BPF assembler for IP traffic filtering.

char BpfProg[]=
   "#define IP_PROTO   0x800 \n"
   "ld   P[12:2]             \n"  // A = WORD offset 12 (protocol in Ethernet header)
   "jeq  IP_PROTO, 0, Exit   \n"  // If A <> 0x800 (IP) - exit
   "ret  -1                  \n"  // Exit, it is IP packet - return TRUE
   "Exit:                    \n"
   "ret  0                   \n"; // Exit, it is not IP packet - return FALSE
See also:HNUserFilter, OnBPFAsmError, BPF instructions, BPF Assembler
Previous Next